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Amendments to the Claims : 

Status of Claims: 

Claims 1, 5-21 , 25-41, 45-60, 81 and 85-98 are pending for examination. 
Claims 5, 21-40, 45, and 81-98 are canceled herein. 



Claims 1, and 41 are in independent form. 
Claims Listing \ 

1 . (Currently Amended) A computer-implemented method of operating a 
reference monitor simulator op e rab l e to recreate the operations performed by a 
reference monitor on a computer system, the method comprising: 

(A) defining at least one security rule specifying whether to allow or deny a 
request to access at least one resource; 

(B) supplying at least one request to access a resource; and 

(C) applying the at least one security rule in response to the at least one 
request to access a resource to determine whether to allow or prevent the at least 
one request; and 

controlling the reference monitor simulator to operate at an accelerated rate 
as compared to an actual reference monitor bv providing at least one parameter that 
defines d e f i n i ng a system environment in which the reference monitor simulator 
executes , where the at least one parameter includes; a time paramete r, where the 
time parameter controls one or more of, eliminating a time gap between trace 
reguests. indicating that a time period between portions of a trace request has 
elapsed, and running a system clock faster than real-time which def i nes tho pannngn 
of tim e porc ei v e d by th e computor system, th e pasoago of tim e ind i cat e d by tho timo 
param e t e r is factor than tho actua l passag e of t i mo . 



Claims 1, and 41 are amended herein. 



Page 2 of 13 



Application No. 10/822,069 
Filing Date: 04/09/2004 
Attorney Docket No. 368605 



Applicant(s): KRAEMER, etal. 
Examiner: TRANG DOAN 
Group Art Unit: 2131 



2.-5. (Canceled) 

6. (Original) The method of claim 1 , further comprising: 

(D) assessing the effectiveness of the at least one security rule. 

7. (Original) The method of claim 6, wherein assessing the effectiveness of the 
security rule further comprises determining at least one of the number of improper 
access requests prevented and the number of proper access requests allowed. 

8. (Original) The method of claim 6, wherein assessing the effectiveness of the 
security rule further comprises determining a rate of improper requests prevented. 

9. (Original) The method of claim 1 , wherein (8) further comprises an application 
program supplying the at least one request to access a resource. 

1 0. (Original) The method of claim 1 , wherein (8) further comprises capturing at 
least one request to access a resource before supplying the at least one request to 
access a resource. 

1 1 . (Original) The method of claim 1 0, wherein a reference monitor performs the 
capture of the at least one request to access a resource. 

1 2. (Original) The method of claim 1 1 , wherein the reference monitor which 
performs the capture of the at least one request to access a resource is the same 
type of reference monitor as the reference monitor whose operations are recreated 
by the reference monitor simulator. 
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13. (Original) The method of claim 10, wherein the captured at least one request 
to access a resource is an improper request. 

14. (Original) The method of claim 13, wherein an improper request comprises a 
request issued by an application in response to one of a virus and a buffer overrun 
attack. 

15. (Original) The method of claim 10, wherein the captured at least one request 
is modified prior to supplying the at least one request to access a resource. 

16. (Original) The method of claim 15, wherein the modification is performed by a 
user. 

17. (Original) The method of claim 6, wherein an electronic file system stores the 
at least one security rule, and wherein (D) further comprises the reference monitor 
simulator accessing the security rule in the electronic file system in response to 
receiving the at least one request to access a resource. 

1 8. (Previously Presented) The method of claim 1 , wherein the at least one 
parameter provided to the reference monitor simulator further includes at least one 
of a system clock, a wrapper function, and a timer event. 

1 9. (Original) The method of claim 1 , further comprising: 

(E) maintaining statistics on the operation of the reference monitor 

simulator. 
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20. (Original) The method of claim 19, wherein the statistics include at least one 
of the number of requests per resource, number of total requests, type of request 
per resource, total of each type of request, number of queries, number of callbacks, 
number of requests allowed compared to number of requests expected, and number 
of requests prevented compared to number of prevented requests expected. 

21. -40. (Cancelled) 

41 . (Currently Amended) A system for providing a reference monitor simulator for 
simulating the operations performed by a reference monitor, the system comprising: 
a definer component to define at least one security rule specifying whether to 
allow or deny a request to access at least one resource under a given set of 
circumstances; 

a supplier component to supply at least one request to access a resource; 

and 

an applier component to apply the at least one security rule in response to the 
at least one request to access a resource to determine whether to allow or prevent 
the at least one request; and 

a control component to control the reference monitor simulator to operate at 
an accelerated rate as compared to an actual reference monitor bv providing at least 
one parameter that defines a system environment in which the reference monitor 
simulator executes, where the at least one parameter includes a time parameter. 
where the time parameter controls one or more of. eliminating a time gap between 
trace reguests. indicating that a time period between portions of a trace reguest has 
elapsed, and running a system clock faster than real-time 



.; and 
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a prov i der component to prov i d e at l oast on e parameter def i n i ng th e systom 

env i ronment i n which the roforenco mon i tor oxocut e s. the at lo ast on e param o t o r 
i ncludes a t i mo param e ter wh i ch def i nes th e passage of t i mo p e rc e iv e d by th e 
comput e r systom, th e passage of t i m o i nd i cated by tho t i me param e t e r i s fast e r than 
th e actua l passage of t i mo . 

42.-45. (Canceled) 

46. (Original) The system of claim 41 , further comprising an assessor component 
to assess the effectiveness of the at least one security rule. 

47. (Original) The system of claim 46, wherein assessing the effectiveness of the 
security rule further comprises determining at least one of the number of improper 
access requests prevented and the number of proper access requests allowed. 

48. (Original) The system of claim 46, wherein assessing the effectiveness of the 
security rule further comprises determining a rate of improper requests prevented. 

49. (Original) The system of claim 41 , further comprising an application program 
to supply the supplier component with the at least one request to access a resource. 

50. (Original) The system of claim 41 , further comprising a capture component to 
capture at least one request to access a resource before supplying the at least one 
request to access a resource. 

51 . (Original) The system of claim 50, wherein the capture component includes a 
second reference monitor. 
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52. (Original) The system of claim 51 , wherein the second reference monitor is a 

i 

same type of reference monitoras the reference monitor whose operations are 

recreated by the reference monitor simulator. 

i 

53. (Original) The system of claim 50, wherein the capture component captures at 
least one request to access a resource which is an improper request. 

54. (Original) The system of claim 53, wherein an improper request comprises a 
request issued by an application in response to one of a virus and a buffer overrun 
attack. 

55. (Original) The system of claim 50, further comprising a modification 
component to modify at least one captured request prior to supplying the at least 
one request to access a resource. 

56. (Original) The system of claim 55, wherein the modification component takes 
input from a user. 

57. (Original) The system of claim 41 , further comprising an electronic file system 
which stores the at least one security rule, and the applier component accesses the 
security rule in the electronic file system in response to receiving at least one 
request to access a resource. 

58. (Previously Presented) The system of claim 41 , wherein the provider 
component provides at least one parameter to the reference monitor simulator which 
includes at least one of a system clock, a wrapper function, and a timer event. 
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59. (Original) The system of claim 4 
(E) a statistics component to 
reference monitor simulator. 



1, further comprising: 

maintain statistics on the operation of the 



60. (Original) The system of claim 59, wherein the statistics component maintains 
statistics which include at least one of the number of requests per resource, number 



of total requests, type of request per resource, total of each type of request, number 
of queries, number of callbacks, number of requests allowed compared to number of 
requests expected, and number of requests prevented compared to number of 



prevented requests expected. 



61. -98. (Canceled) 
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